
Do I have to use any further encryption method in PHP with OpenSSL to send data over the network, even if an OpenSSL certificate is installed on the server? Does it encrypt and decrypt data automatically before sending and receiving data?

eon0x00911
  • If you are using Apache you will need `mod_openssl`; otherwise you will need to follow the instructions for whatever server software you are using. Using SSL does not mean your server is secure, and you should still do a very careful check for XSS, SQL injection, CSRF, etc., or hire someone else to check for you before deploying. – 735Tesla Jan 04 '14 at 22:19
  • Yeah, I'm concerned about SQL injection and all. The problem is, I have encrypted the password with many other functions, but I want to verify whether the other data automatically gets encrypted or not while sending or receiving? – eon0x00911 Jan 04 '14 at 22:22
  • Well, that in particular is a really easy fix. Just escape all your query strings that involve user input. – 735Tesla Jan 04 '14 at 22:23
  • Hmm, I'm not getting you. – eon0x00911 Jan 04 '14 at 22:25
  • I just want to know if an OpenSSL certificate automatically encrypts data or not if installed on the server? – eon0x00911 Jan 04 '14 at 22:25
  • I was referring to the first part of your comment. For your question, could you post your operating system and server software? And I am not quite sure what you mean by installing the certificates on the server. Did you just copy the files in, or did you do all of the necessary configuration? If I knew what software you were using I could answer your question better, or at least point you to the right documentation. – 735Tesla Jan 04 '14 at 22:26
  • It's Ubuntu and an apache2 server. – eon0x00911 Jan 04 '14 at 22:27
  • I think this may help: http://www.dannytsang.co.uk/index.php/create-and-enable-ssl-on-ubuntu-lamp-server/ – 735Tesla Jan 04 '14 at 22:28
  • Are you a security researcher? – eon0x00911 Jan 04 '14 at 22:29
  • "are you a security researcher?" No, not exactly, I'm a teenaged enthusiast. "anyways thanx 4 help" You're welcome! – 735Tesla Jan 04 '14 at 22:36
  • Oh yeah! I'm a teenager too. – eon0x00911 Jan 04 '14 at 22:39

1 Answer


The question here is how you are sending the data. For example, if you are sending SOAP you will need to send a local_cert parameter (see http://php.net/manual/en/soapclient.soapclient.php or SOAP Client over HTTPS with SSL certificates on both sides). So I think it will depend on how you're sending the data, but once PHP knows what it's doing it should translate the data for you automatically. With Apache, for example, it certainly decodes the SSL-encrypted traffic before it gets to PHP, and that is done automatically.

Ukuser32
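The split the answer describes, shown from PHP's side as an added example (not code from the question or the answer): for inbound requests Apache's TLS module (mod_ssl) has already decrypted the traffic and PHP can only check that it happened, while for outbound requests PHP is the TLS client and should verify the peer. The function names are hypothetical, and the outbound part assumes PHP's openssl extension is loaded so the `https://` stream wrapper is available.

```php
<?php
declare(strict_types=1);

// Inbound: Apache's mod_ssl decrypts the request before PHP runs and sets
// $_SERVER['HTTPS']; PHP can only check that this happened, not do it itself.
function request_is_tls(array $server): bool
{
    $https = strtolower((string)($server['HTTPS'] ?? ''));
    return $https !== '' && $https !== 'off';
}

// Refuse to handle sensitive data on a plain-HTTP request.
function require_tls(array $server): void
{
    if (!request_is_tls($server)) {
        http_response_code(403);
        exit("This endpoint is only available over HTTPS.\n");
    }
}

// Outbound: when PHP itself is the client, the https:// wrapper encrypts
// the transfer; these context options make it also verify the peer.
function https_post(string $url, array $fields): string
{
    if (stripos($url, 'https://') !== 0) {
        throw new InvalidArgumentException('Refusing non-HTTPS URL');
    }
    $context = stream_context_create([
        'http' => [
            'method'  => 'POST',
            'header'  => "Content-Type: application/x-www-form-urlencoded\r\n",
            'content' => http_build_query($fields),
            'timeout' => 10,
        ],
        'ssl' => [
            'verify_peer'      => true,
            'verify_peer_name' => true,
        ],
    ]);
    $body = file_get_contents($url, false, $context);
    if ($body === false) {
        throw new RuntimeException('HTTPS request failed');
    }
    return $body;
}

// Constructed sample inputs standing in for $_SERVER on two requests.
var_dump(request_is_tls(['HTTPS' => 'on', 'SERVER_PORT' => '443']));
var_dump(request_is_tls(['SERVER_PORT' => '80']));
```

In a real page, call `require_tls($_SERVER)` before reading any form data; the check tells you the transport was encrypted, not that stored data is.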